Skip to content
November 22, 2011 / doganay

PURGE AUDIT TRAIL XML

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Hi,

You may want to purge your audit trail xml:

https://doganay.wordpress.com/2011/11/22/purge-audit-trail-xml/

You purged your xml audit , but if you still see xml files in  adx_SID.txt  ;

you hit this bug:

Bug 8582371: DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL DOES NOT CLEAN UP ENTRIES IN ADX_SID.TXT

Workaround: Delete your audit xml by a shell script every day. (I assume that some tool copies these logs to its server daily.)


## deleteaudit.sh v1.4
if [[ -f ~/.profile ]]
then
. ~/.profile
elif [[ -f ~/.bash_profile ]]
then
. ~/.bash_profile
fi
if [[ -f $ORACLE_HOME/oui/oraparam.ini ]]
then
export VER1=$(grep OUI_VERSION $ORACLE_HOME/oui/oraparam.ini|awk -F"=" '{print $2}'|awk -F"." '{print $1}')
export VER2=$(grep OUI_VERSION $ORACLE_HOME/oui/oraparam.ini|awk -F"=" '{print $2}'|awk -F"." '{print $2}')
fi
if [[ "X"$VER1 == "X" || "X"$VER2 == "X" ]]
then
echo "\$ORACLE_HOME/oui/oraparam.ini file not found."
exit 1
fi
if [[ $VER1 -lt 10 ]]
then
echo "Runs on Oracle 10g and newer."
exit 2
fi
audit_purge () {
if [[ $VER1 -eq 10 ]]
then
export XMLNAME=$(echo $1|tr '[A-Z]' '[a-z]')
fi
find $AUDITDEST -name "$XMLNAME*.xml" -mtime +1 -exec rm -f {} \;
find $AUDITDEST -name "$XMLNAME*.aud" -mtime +1 -exec rm -f {} \;
if [[ "X"$VER1 != "X" && "X"$VER2 != "X" ]]
then
if [[ ($VER1 -lt 11 || ($VER1 -eq 11 && $VER2 -eq 1)) ]]
then
find $AUDITDEST -name "$XMLNAME*xml" -exec basename {} \; | awk '{printf("%s\n%s\n","'${AUDITDEST}'",$1)}' > ${AUDITDEST}/adx_$1.txt
fi
fi
}
# Do not forget to change your audit dest.

export AUDITDEST=”/u01/AUDIT”

# Be sure that all dbs use same oracle home dir.

audit_purge mydb1
audit_purge mydb2
chmod go-rwx $AUDITDEST/*


I added version control in my script, because starting with 11.2, the usage of the ADX file has been removed.

ORA-00600[kzaxgfl:lowmem] when ADX file has dangling entries [ID 879305.1]

Starting release 11.2, the usage of the ADX file has been removed. The ADX file no longer exists in the adump destination. Consequently, starting with this release, the manual maintenance of the ADX file is no longer needed.

try and pray 🙂

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: